The setup.ini file is used when installing the application from the command line or when using the Group Policy Editor of Microsoft Windows. To apply settings from the setup.ini file, place this file into the folder containing the Kaspersky Endpoint Security distribution package.
The setup.ini file consists of the following sections:
[Setup]
– general settings of application installation.[Components]
– selection of application components to be installed in Standard mode. If none of the components are specified, all components that are available for the operating system are installed. File Threat Protection is a mandatory component and is installed on the computer regardless of which settings are indicated in this section. The Managed Detection and Response component is also absent from this block. To install this component, you must activate Managed Detection and Response in the Kaspersky Security Center Console.[Tasks]
– selection of tasks to be included in the list of Kaspersky Endpoint Security tasks. If no task is specified, all tasks are included in the task list of Kaspersky Endpoint Security.The alternatives to the value 1
are the values yes
, on
, enable
, and enabled
.
The alternatives to the value 0
are the values no
, off
, disable
, and disabled
.
Settings of the setup.ini file
Section |
Parameter |
Description |
---|---|---|
|
|
Path to the application installation folder. |
|
|
Kaspersky Endpoint Security activation code. |
|
|
Acceptance of the terms of the End User License Agreement. The text of the License Agreement is included in the distribution kit of Kaspersky Endpoint Security. Accepting the terms of the End User License Agreement is necessary for installing the application or upgrading the application version. |
|
|
Acceptance of the Privacy Policy. The text of the Privacy Policy is included in the Kaspersky Endpoint Security distribution kit. To install the application or upgrade the application version, you must accept the Privacy Policy. |
|
|
Agreement or refusal to participate in Kaspersky Security Network (KSN). If no value is set for this parameter, Kaspersky Endpoint Security will prompt to confirm your consent or refusal to participate in KSN when Kaspersky Endpoint Security is first started. Available values:
The Kaspersky Endpoint Security distribution package is optimized for use with Kaspersky Security Network. If you opted not to participate in Kaspersky Security Network, you should update Kaspersky Endpoint Security immediately after the installation is complete. |
|
|
Set the user name for accessing the features and settings of Kaspersky Endpoint Security (the Password protection component). The user name is set together with the |
|
|
Specify a password for accessing Kaspersky Endpoint Security features and settings (the password is specified together with the If you specified a password but did not specify a user name with the |
|
|
Specify the scope of the password for accessing Kaspersky Endpoint Security. When a user attempts to perform an action that is included in this scope, Kaspersky Endpoint Security prompts for the user's account credentials ( Available values:
For example, |
|
|
Enabling or disabling the application installation protection mechanism. Available values:
Installation protection includes protection against replacement of the distribution package with malicious applications, blocking access to the installation folder of Kaspersky Endpoint Security, and blocking access to the system registry section containing application keys. However, if the application cannot be installed (for example, when performing remote installation with the help of Windows Remote Desktop), you are advised to disable protection of the installation process. |
|
|
Enabling or disabling Azure WVD compatibility mode. Available values:
This feature allows correctly displaying the state of the Azure virtual machine in the Kaspersky Anti Targeted Attack Platform console. To monitor the performance of the computer, Kaspersky Endpoint Security sends telemetry to KATA servers. Telemetry includes an ID of the computer (Sensor ID). Azure WVD compatibility mode allows assigning a permanent unique Sensor ID to these virtual machines. If the compatibility mode is turned off, the Sensor ID can change after the computer is restarted because of how Azure virtual machines work. This can cause duplicates of virtual machines to appear on the console. |
|
|
Automatic restart of the computer, if required after installation or upgrade of the application. If no value is set for this parameter, automatic computer restart is blocked. Restart is not required when installing Kaspersky Endpoint Security. Restart is required only if you have to remove incompatible applications prior to installation. Restart may also be required when updating the application version. |
|
|
In the %PATH% system variable, add the path to executable files located in the Kaspersky Endpoint Security setup folder. Available values:
|
|
|
Enables or disables protection of the Kaspersky Endpoint Security processes using AM-PPL technology (Antimalware Protected Process Light). For more details about AM-PPL technology, please visit the Microsoft website. AM-PPL technology is available for Windows 10 version 1703 (RS2) or later, and Windows Server 2019 operating systems. Available values:
|
|
|
Application upgrade mode:
You can upgrade the application without a restart starting with version 11.10.0. To upgrade an earlier version of the application, you must restart the computer. You can also install patches without a restart starting with version 11.11.0. Restart is not required when installing Kaspersky Endpoint Security. So, the upgrade mode of the application will be specified in the application settings. You can change this parameter in the application settings or in the policy. When upgrading already installed application, the priority of the parameter specified in the setup.ini file is higher than that of the parameter specified in the application settings or in the command line. For example, if |
|
|
Enable writing of registry keys from the setup.reg file to the registry. |
|
|
Enabling or disabling application tracing. After Kaspersky Endpoint Security starts, it saves trace files in the folder
|
|
|
Level of detail of traces. Available values:
|
|
|
Managing the application through the REST API. To manage the application through the REST API, you must specify the user name ( Available values:
To manage the application through the REST API, management using administrative systems must be allowed. To do so, set the |
|
|
User name of the Windows domain account used for managing the application through the REST API. Management of the application through the REST API is available only to this user. Enter the user name in the format Adding a user name is a prerequisite for managing the application through the REST API. |
|
|
Port used for managing the application through the REST API. Port 6782 is used by default. Make sure that the port is free. |
|
|
Certificate for identifying requests (for example, |
|
|
Adding predefined scan exclusions and trusted applications. Predefined scan exclusions and trusted applications help quickly configure Kaspersky Endpoint Security on SQL servers, Microsoft Exchange servers, and System Center Configuration Manager. For example, predefined scan exclusions for SQL servers include MDF and LDF database files. Available values:
|
|
|
Installing the application in Endpoint Detection and Response Agent (EDR Agent) mode. Endpoint Detection and Response Agent is an application that is installed on individual workstations and servers in the IT infrastructure of the organization to support the Kaspersky Managed Detection and Response and Kaspersky Anti Targeted Attack Platform (EDR) solutions. EDR Agent is compatible with third-party EPP applications. This lets you use third-party infrastructure security tools alongside Detection and Response by Kaspersky. To install EDR Agent, in the Available values:
|
|
|
Installation of all components. If the parameter value Because of the way Detection and Response solutions are supported, Endpoint Detection and Response Optimum as well as Kaspersky Sandbox components are installed on the computer. The Endpoint Detection and Response Expert component is not compatible with this configuration. |
|
|
Mail Threat Protection. |
|
|
Web Threat Protection. |
|
|
AMSI Protection. |
|
|
Host Intrusion Prevention. |
|
|
Behavior Detection. |
|
|
Exploit Prevention. |
|
|
Remediation Engine. |
|
|
Firewall. |
|
|
Network Threat Protection. |
|
|
Web Control. |
|
|
Device Control. |
|
|
Application Control. |
|
|
Adaptive Anomaly Control. |
|
|
Cloud Discovery. |
|
|
Log Inspection |
|
|
System Integrity Monitoring. |
|
|
File Level Encryption libraries. |
|
|
Full Disk Encryption libraries. |
|
|
BadUSB Attack Prevention. |
|
|
Endpoint Detection and Response Optimum (EDR Optimum). The component is not compatible with EDR Expert ( |
|
|
Endpoint Detection and Response Expert (EDR Expert). The component is not compatible with EDR Optimum ( |
|
|
Endpoint Detection and Response (KATA). The component is not compatible with EDR Expert ( |
|
|
Kaspersky Sandbox. |
|
|
Managed Detection and Response. |
|
|
Application management using administration systems. Administration systems include, for example, Kaspersky Security Center. In addition to Kaspersky administration systems, you can use third-party solutions. Kaspersky Endpoint Security provides an API for this purpose. Available values:
|
|
|
Integration with KUMA. |
|
|
Installing the application in Endpoint Detection and Response Agent (EDR Agent) mode for integration with Kaspersky Anti Targeted Attack Platform (EDR). |
|
|
Installing the application in the Endpoint Detection and Response Agent (EDR Agent) mode for integration with Kaspersky Managed Detection and Response. |
|
|
Full Scan task. Available values:
|
|
|
Critical Areas Scan task. Available values:
|
|
|
Update task. Available values:
|